Councillors and committees
Agenda and minutes
You can view the individual reports for this meeting by selecting the headings from the numbered list of items at the bottom of this page. Alternatively you can view the entire agenda by selecting 'Agenda Reports Pack' below.Watch key Council meetings here
Venue: Guildhall, Kingston upon Thames
Contact: Ann Sweeney , tel 020 8547 4629 email: firstname.lastname@example.org
To confirm the minutes of the meeting held on 21 November 2018.
The minutes of the meeting on 21 November 2019 were confirmed as a correct record.
The external Audit Plan to 31 March 20198 covers the key areas of challenges and opportunities facing the Council and the work the auditors will be doing on the final accounts audit and the value for money conclusion.
In addition to the presumed risks inherent in all audits two additional risks have been identified. These relate to the valuation of the pension fund net liability and valuation of assets - property, plant and equipment.
Budget management; medium term financial planning and Brexit have been highlighted as significant risks on which the auditors will be doing further work as part of this year’s Value for Money conclusions
On the Pension Fund the significant risk identified is the management override of controls
Points raised in the discussion ranged over – the assessment of risk on manipulation of funds received as government grants; how commercial revenues are recognised in the accounts Brexit risks and how these will be assessed received.
The scale of Audit fees and quality control of these was also raised. These are within the set Public Sector Audit scales, the framework for which contains a number of quality tests.
The Audit findings will be submitted to the Committee in July.
Resolved that the Audit Plan and Pension Fund Plan is noted.
The Council’s grant claims to central Government for Housing Benefit Subsidy requires certification by the Council’s external auditor, Grant Thorntonto confirm the Council’s entitlement to funding.
The claim of £71.6m was certified and the testing work revealed no errors.
1. the certification of the Housing Benefit subsidy claims for 2017-18 and the fee for this work is noted;
2. the Finance Team is complimented on the claim being without error.
A summary of the top 15 risks on the Corporate Risk register was considered. This had been reviewed by the Strategic Leadership Team (SLT) on 12 February.
The 2 red risks are the Dedicated Schools Grant deficit and Placement Costs. Mitigating measures for all the risks were listed.
In response to a question on projections on income from investment properties it was noted that the intention is to spread the risk across a wider range of properties.
Updates on the risks selected at the November meeting for more detailed review were also presented.
Cyber Security and Information Governance
The Council complies with the Public Sector Network security requirements. The assessment for this includes an external security test of the network.
Following a formal assessment by an external accreditation body, The Council has also been awarded the Cyber Essentials Certification indicating that systems will protect against the vast majority of common cyber attacks and Cyber Essentials Plus certification, a more rigorous test of cyber security systems is being sought..
Phishing is one of the biggest risks for the Council and on the internet in general. Tool are in use to test staff awareness of the risk and how to avoid falling for any scam
Links with the National Cyber Security Centre (NCSC), part of GCHQ, continue and the Council is participating in several initiatives with them including being one of the testing sites for the new improved Webcheck service This continually scans the internet facing infrastructure, websites (ending in .gov.uk), firewalls etc. for issues and misconfigurations.
Significant progress has been made to remove unsupported operating systems over the past year to ensure the Council is on supported and maintained versions.
continues across a number of areas to embed cyber security into the
overall Council Business Continuity Plans, finally better using of
logging and reporting from systems and use of threat
The Council’s website has been updated to comply with and reflect the changes in legislation on Data Protection and to provide clear guidance on how the public can exercise their data rights. Privacy Notices are displayed on our webpage. Processes are in place for Subject Access Requests and the Right to Erasure and other right to data .
The Information Asset Register and Retention and Disposal Schedule has been updated and will be reviewed quarterly.
A process of Data Protection Impact Assessments (DPIA) is embedded in the project management and commissioning process. Services provided by arms length companies include satisfactory Information Governance and Security requirements which are checked on a regular basis.
Training and awareness for staff and Councillors on Information Governance continues with specific training for roles such as Data Protection Officer, Senior Information Risk Owner and Caldicott Guardian have had specific training. Training and drop in sessions are provided to all staff.
There is a programme of work for 2019/20 to ensure that improvements continue to be made in the management of Information and cyber security.
Questions concerned internal and external audit of these ... view the full minutes text for item 20.
The update on the work carried out by Internal Audit since November was considered.
As at the report date approximately 84% of the plan has been completed based on number of days delivered, this compares to 79% at this stage last year. This year’s plan was weighted towards the second half of the year with more audits being planned in Quarters 3 and 4. The total number of audits completed or in progress is 33. 8 have been cancelled or moved to the 2019/20 plan.
Since November 3 audits have been finalised with Limited assurance and 5 Priority 1 recommendations have been raised, these were detailed in Annex 3 of the report and considerable progress has been made on their implementation.
On the follow up of earlier Priority 1 recommendations, there are 10 which have exceeded their initial agreed implementation date. These were detailed in paragraph 11 of the report. Progress on these has been good, particularly on the 4 audits which raised multiple recommendations.
Questions raised concerned
Housing Repair system – procurement of the new system is ongoing.
Adult Care Income – a project is in place on the updating of recording procedures; linking with other Council financial systems so that forecasts, billing and payments move away from manual processes.
Management development and training- the capability of the system will now provide monthly reporting on training completed and any instances where mandatory training modules are incomplete.
SEND audit – the timing of this has been reviewed and it will be in 2019-20. The scope of the audit has not yet been defined.
Coombe Hill Junior School – the 3 P1 recommendations relate mainly to documentation procedures.
Progress on the Achieving for Children Audit plan is reported separately to the AFC Audit Committee. To date 83% of the plan has been completed and 3 Priority 1 recommendations raised since the November report. These were set out in Annex 4.
Resolved that the update on the work undertaken by Internal Audit since November 2018, the Priority 1 recommendations raised and progress being made to address the issues identified is noted.
The proposed Internal Audit Charter and Strategy and Internal Audit Plan for 2019/20 as required by the Public Sector Internal Audit Standards (PSIAS) was presented for approval
The Charter meets the requirements of the Public Sector Internal Audit Standards and is a formal document which establishes the position of the internal audit activity within the organisation. It authorises access to records, personnel and physical properties and defines the scope of activities.
The strategy covers how the service will be developed and delivered, together with the appropriate resourcing; an assessment of the risks which the audit service itself faces; how internal audit will rely on the assurance provided by other providers, and how the service will measure its performance and quality assurance.
Internal audit work is undertaken by the South West London Audit Partnership (SWLAP) across the 5 Boroughs - Kingston, Merton, Sutton, Richmond & Wandsworth. This also includes Achieving for Children (AfC).
The Audit Plan is risk based and has a wider focus than the high risks from the Corporate Risk Register. It is drawn up by combining the corporate assessment of risk with Internal Audit’s own assessment of risk (the Audit Universe) and knowledge of any emerging risks.
A key element of the process is discussions with Senior Management and analysis of Departmental and Corporate Risk Registers.
The plan developed is deliverable within the 775.5 days commissioned by the Shared Service Board. This is 78 days more than in 2018/19 (697.5 days).
It includes the complete Audit Plan for Achieving for Children – 280 days - split equally between Kingston and Richmond. The plan was presented to the AfC Audit Committee in January.
The Plan is flexible to accommodate changing audit needs during the year reflecting changes in risks and accommodating changing management and organisational priorities.
The plan will be monitored by the Shared Service Board and any significant changes will be reported to the Strategic Leadership Team and this Committee.
A key objective of the shared service is providing an efficient and cost effective service, standardisation of audit methodology, the delivery of shared audits over more than one partner and a structural review of the service has resulted in a 2% saving for 2019/20 across the partnership.
The approach in the Plan was supported.
Resolved that thefor 2019/20 is approved
Date of Next Meeting and dates for Municipal Year 2019/20
Next meeting Thursday 02 May 19
Tuesday 30 Jul 19
Thursday 24 Oct 19
Thursday 23 Jan 20
Thursday 30 Apr 20
Next meeting Thursday 02 May 19
Tuesday 30 Jul 19
Thursday 24 Oct 19
Thursday 23 Jan 20
Thursday 30 Apr 20